
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49277 is a memory leak vulnerability discovered in the Linux kernel's JFFS2 (Journalling Flash File System version 2) filesystem component. The vulnerability was identified in the jffs2_do_mount_fs() function, where resources allocated in jffs2_sum_init() are not properly released when jffs2_build_filesystem() returns an error (Kernel Git).
The vulnerability occurs in the filesystem mounting process when jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error. The issue manifests as unreferenced memory objects, specifically one of size 64 bytes and another of size 65536 bytes, which are allocated but not properly freed. The memory leak is triggered during the mount operation and can be observed through kmemleak reports (NVD).
The memory leak can lead to gradual system memory consumption over time when mounting and unmounting JFFS2 filesystems. While this doesn't present an immediate security risk, it could potentially lead to system performance degradation or stability issues if the leaked memory accumulates significantly (Ubuntu Security).
The issue has been fixed by adding a call to jffs2_sum_exit() to release the allocated resources when an error occurs. The fix was implemented in the Linux kernel through a patch that modifies the error handling path in jffs2_do_mount_fs(). Users should update to a patched kernel version that includes this fix (Kernel Git).
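The error-path pattern described above, as an added userspace model in C; it is not the kernel source or the upstream patch. Every function and struct name in it is hypothetical, standing in for jffs2_sum_init(), jffs2_sum_exit() and jffs2_build_filesystem(), and a byte counter plays the role of kmemleak.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model: every name here is hypothetical, none is kernel code. */
static long live_bytes; /* bytes allocated and not yet freed */
struct summary { void *small, *big; };

static void *track_alloc(size_t n) { void *p = malloc(n); if (p) live_bytes += (long)n; return p; }
static void track_free(void *p, size_t n) { if (p) { free(p); live_bytes -= (long)n; } }

/* Stands in for jffs2_sum_init(): the 64- and 65536-byte objects from the report. */
static int sum_init(struct summary *s) {
    s->small = track_alloc(64);
    s->big = track_alloc(65536);
    if (s->small && s->big) return 0;
    track_free(s->big, 65536); track_free(s->small, 64);
    return -ENOMEM;
}
/* Stands in for jffs2_sum_exit(). */
static void sum_exit(struct summary *s) {
    track_free(s->big, 65536); track_free(s->small, 64);
    s->big = s->small = NULL;
}
/* Stands in for jffs2_build_filesystem(); fails on request. */
static int build_fs(int fail) { return fail ? -EIO : 0; }

/* Pre-fix shape: a build error returns with the summary still allocated. */
static int mount_leaky(struct summary *s, int fail) {
    int ret = sum_init(s);
    if (ret) return ret;
    return build_fs(fail); /* on error, nothing releases s */
}
/* Fixed shape: the error path releases the summary through sum_exit(). */
static int mount_fixed(struct summary *s, int fail) {
    int ret = sum_init(s);
    if (ret) return ret;
    ret = build_fs(fail);
    if (ret) sum_exit(s);
    return ret;
}
/* Bytes left allocated after n failed mount attempts. */
static long leaked_after(int (*mnt)(struct summary *, int), int n) {
    long before = live_bytes;
    for (int i = 0; i < n; i++) { struct summary s = {0}; mnt(&s, 1); }
    return live_bytes - before;
}
int main(void) {
    printf("leaky: %ld bytes\n", leaked_after(mount_leaky, 3));
    printf("fixed: %ld bytes\n", leaked_after(mount_fixed, 3));
    return 0;
}
```

On success both variants leave the summary allocated, as a mounted filesystem would, so the caller releases it with sum_exit() at unmount.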
Source: This report was generated using AI